I'm having an issue with hosting a static website on Amazon S3. When forwarding to a folder containing a index.html file it always returns a AccessDenied response.
So accessing domain.com/en/index.html works but domain.com/en gives AccessDenied.
Anyone an idea?
My bucket policy is
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::domain.com/*"
]
}
]
}
Your bucket policy is correct. What is happening is that domain.com/en doesn't forward your request to domain.com/en/index.html, so Amazon S3 thinks that you're requesting the object en inside the bucket's root folder.
To forward your request to index.html put a slash after your initial path, like domain.com/en/.
Check this AWS documentation below to more information:
https://docs.aws.amazon.com/AmazonS3/latest/dev/IndexDocumentSupport.html
Related
I have enabled S3 Webhosting for a S3 Bucket. To this bucket,iam pushing the web app files through lambda. When i hit S3 URL in the browser,iam getting 403 access denied exception whereas when i upload the web app files manually, iam able to access.
Bucket policy is updated as below
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "2",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::<<bucket name>>/*"
}
]
}
Please help with the suggestions.
I am new to AWS. I have a website and I would like to host my larger images on AWS. I have successfully created a bucket and can access that bucket via FTP but I do not know how to determine the URL for the contents of that bucket so I can reference the images on my website.
I have tried: https://bucketname.s3.amazonaws.com/imagename.jpg
and I have tried https://s3.amazonaws.com/bucketname/imagename.jpg
But I get errors on both.
What is the correct path?
Thank you.
Click on the bucket. Go to properties, scroll to the bottom, under 'static website hosting', click edit then enable.
Once saved, you will be provided with a 'bucket website endpoint' (i.e. a url to access your files).
Under the 'permissions' tab, you may also need to allow public access to the objects in the bucket by adding a bucket policy like this:
{
"Version": "2012-10-17",
"Id": "Policy1517754859350",
"Statement": [
{
"Sid": "AllowGetObjects",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::YOUR-BUCKET-NAME-HERE/*"
}
]
}
AWS S3 objects can be accessed at https://{bucket}.s3.amazonaws.com/{key}.
You should have seen an error message in the webpage.
But before that, make sure that the object in the bucket is public. Go to the bucket, change the object to make it public.
But best option is to create a CloudFront distribution. Otherwise accessing S3 bucket directly is costly.
In addition to the other two answers posted, which helped move me in the right direction I was able to get more insights and discovered that the easiest way to provide read-only access to bucket assets is to set an ACL that is domain specific so that only requests that come from the designated URL will have read access to the contents of the bucket:
{
"Version": "2012-10-17",
"Id": "http referer policy",
"Statement": [
{
"Sid": "Allow get requests originating from www.example.com and example.com.",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Resource": "arn:aws:s3:::bucketname/*",
"Condition": {
"StringLike": {
"aws:Referer": "https://example.com/*"
}
}
}
]
}
The URL or path to the resources is provided in the Control Panel when you add objects to the bucket and is listed as the
Object URL
.
I will appreciate if anyone can point me out where I'm doing wrong. see below steps
I have a domain name in route53.
Based on the domain name, I have created a bucket name ( for sake of my question lets stick to bucket and domain name as abc.nl)
Created the bucket, without changing any default provided check-list.
Clicked the bucket(abc.nl) and added below "bucket policy"
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::1234567:user/usrname"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::abc.nl/*"
}
]
}
I have provided my username policy of AmazonS3FullAccess in IAM.
My Block public access (account settings) also unchanged.
Now I uploaded my all static files to the bucket(abc.nl).
In properties tab, I have added index.html under static website hosting block.
Now, as per the manual, I should able to click the link and access the page.
But for some reason, it's throwing me 403 access forbidden error.
In my understanding, by simply adding bucket policy you turn on public access. But for me, I don't see "public" tag. So, don't know what's going on. (My understanding could be wrong, hence this post.)
In case you are wondering which manual, I'm following, https://docs.aws.amazon.com/AmazonS3/latest/dev/website-hosting-custom-domain-walkthrough.htmlhow to host static web site.
Anyway, anyone points me out, where I'm doing wrong and which options should I choose from the permissions for the bucket? I could be missing out some lines.
PS: I have created and deleted the same bucket multiple times, just to start fresh every time.
The Principal value of your bucket policy is wrong. Copied from the Example: Setting up a Static Website Using a Custom Domain that you have linked to:
To grant public read access, attach the following bucket policy to the example.com bucket, substituting the name of your bucket for example.com.
{
"Version":"2012-10-17",
"Statement":[{
"Sid":"PublicReadGetObject",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::example.com/*"]
}]
}
To make the bucket public (= everyone), you need to set * as principal in your bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::abc.nl/*"
}
]
}
Please also check that you don't have Block public access settings on the bucket because it will prevent you from making the bucket public.
Follow the below Steps 100% working.
Under Buckets, choose the name of your bucket.
Choose Permissions.
Under Bucket Policy, choose Edit.
To grant public read access to your website, copy the following bucket policy, and paste it into the Bucket policy editor.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::**YOUR-BUCKET-NAME**/*"
]
}
]
}
NOTE: AWS documentation Link
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicRead",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Resource": "arn:aws:s3:::pasteyourbucketname(copy&pasteARNName)/*"
}
]
}
Suppose I have an S3 bucket that has "Everyone Read" permission. Bucket is not public. Means anyone can access objects by typing its url in the browser. Now I want to remove this access from URL thing in browser. One option is to go to each images and remove "Read" from "Everyone" section. But since there are huge amount of images so this is not feasible.
So can I put such bucket policy which allows access only from one IAM user and not from browser thing? I tried adding such bucket policy that allow access to all resources for only specific user but still images are accessible from browsing through URL. Any thoughts?
Edit: Adding policy that I tried
{
"Id": "Policy1",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1",
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:aws:s3:::test-bucket-public-issue",
"Principal": {
"AWS": [
"arn:aws:iam::AccounId:user/Username"
]
}
}
]
}
Ok #Himanshu Mohan I will explain you what i have done. I have created a S3 bucket and then i added the below bucket policy
{
"Version": "2012-10-17",
"Id": "Policy1534419239074",
"Statement": [
{
"Sid": "Stmt1534419237657",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": "arn:aws:s3:::xxx-xxx-test/*"
}
]
}
While adding this policy the bucket will automatically public
Then i have uploaded an image as what you referred and i was able to access the same image via browser.
Now I changed the policy back to as what you said
Now i was not able to access the image, will show the access denied xml response. The only difference i see is i have added the /* after the bucket name "Resource": "arn:aws:s3:::xxx-xxx-test/*".
I'm googling since several hour without solution.
I'm trying to manage my bucket as web directory but it's not working fine.
Here is my bucket policy :
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my_bucket/*"
}
]
}
I have an index html file at top level of the bucket, and a directory.
I can access the index file like this :
https://s3-eu-west-1.amazonaws.com/my_bucket/my_index_file.html
But all the following request give an xml access access denied error
https://s3-eu-west-1.amazonaws.com/my_bucket/
https://s3-eu-west-1.amazonaws.com/my_bucket
https://s3-eu-west-1.amazonaws.com/my_bucket/my_folder
https://s3-eu-west-1.amazonaws.com/my_bucket/my_folder/my_sub_folder
I haven't found a solution. Please let me konow if someone know how to achieve this, so that I can browse my bucket through firefox or another browser.
Thanks
If you want to make the static website hosting with the necessary index.html & default pages - you need to enable S3 Static Website Hosting. Just making the files / S3 objects public wouldn't help the index.html routing.
Once you do that you would get URLs like - http://examplebucket.s3-website-us-east-1.amazonaws.com/
Checkout the following links
http://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
http://docs.aws.amazon.com/gettingstarted/latest/swh/website-hosting-intro.html
You have to create 2 buckets, one for example.com and one for www.example.com
Set bucket policy for both like below:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example.com/"
}
]
}
Follow this link : https://docs.aws.amazon.com/AmazonS3/latest/dev/website-hosting-custom-domain-walkthrough.html